Server certificate issuing system
Abstract
A server certificate issuing system confirms existence of a Web server for which a certificate is to be issued. The web server includes means for generating an entry screen to input application matters for an issuance of a server certificate, means for generating a key pair a public key and a private key, means for generating a certificate signing request file (CSR) containing the generated public key, and means for generating a verification page indicating intention of requesting the issuance of the certificate. A registration server retrieves the CSR from a received server certificate request and accesses the Web server to read the verification information, and compares the read verification information with the CSR. If the verification information read from the Web server is identical to the CSR, it is determined that the Web server for which the server certificate is to be issued exists.
Claims
exact text as granted — not AI-modified1. A server certificate issuing system comprising a registration server provided in a registration authority to receive a server certificate request transmitted from a Web server via a network and to transmit a certificate signing request file (CSR) which is included in said server certificate request to an issuing authority after performing a predetermined examination, and a certificate issuing server provided in the issuing authority to receive the CSR transmitted from the registration server, to generate a server certificate with a digital signature, and to transmit the generated server certificate to said registration server, wherein
said Web server comprises
means for generating an entry screen to input application information,
means for generating a key pair of a public key and a private key,
means for generating the CSR containing the generated public key,
verification page generating means for generating a verification page to indicate intention of requesting an issuance of the server certificate and storing verification information in said verification page,
means for generating the server certificate request containing an application information including at least the generated CSR and the address information of said Web server, and
means for transmitting the generated server certificate request to the registration server provided in the registration authority, and
said registration server comprises
means for receiving the server certificate request transmitted from said Web server,
verification information reading means for accessing the verification page of the Web server based on the address information contained in the received server certificate request to read out the verification information indicated on the verification page,
verification means for comparing the read verification information with the information contained in the server certificate request, and
means for transmitting the CSR contained in the received server certificate request to the certificate issuing server,
means for receiving the server certificate transmitted from the certificate issuing server,
download means for downloading the server certificate to the Web server, and wherein said registration server transmits the CSR contained in said server certificate request to the certificate issuing server only when said verification means has judged that the verification page has been generated, as the result of the verification.
2. The server certificate issuing system according to claim 1 , wherein
said verification page generating means of said Web server performs an encryption operation for a part of the information contained in the server certificate request using a predetermined encrypting arithmetic expression and displays the obtained encrypted data as the verification information on the verification page, and
said verification means of the registration server performs an encryption operation for a part of the information contained in the received server certificate request using said predetermined encrypting arithmetic expression to verify whether the verification page has been generated or not by comparing the generated encrypted data with the verification information read out from the verification page.
3. The server certificate issuing system according to claim 1 , wherein an IP address or FQDN of said Web server or URL information of the verification page are used as the address information of the Web server contained in said server certificate request.
4. The server certificate issuing system according to claim 3 , wherein said registration server accesses the URL of the verification page contained in the server certificate request to read out the verification information.
5. The server certificate issuing system according to claim 3 , wherein
said registration server has means for generating the URL of the verification page using the FQDN or the IP address of the Web server and the title of the verification page contained in the server certificate request to access the verification page of the Web server identified by the generated URL in order to read out the verification information.
6. The server certificate issuing system according to claim 1 , wherein
said Web server has a control panel to mainly configure and manage the Web and email of said Web server, and wherein
the means for generating the entry screen to input the application information, the means for generating the key pair, the means for generating the CSR, the means for generating the verification page, and the means for generating the server certificate request are loaded on said control panel.
7. The server certificate issuing system according to claim 1 , wherein
said Web server has status inquiry means for inquiring of the registration server as to the issuance status of the certificate, and performs the status inquiry periodically using an assigned application ID as a key.
8. The server certificate issuing system according to claim 7 , wherein said registration server further comprises
means for storing the received server certificate in a download area,
means for responding to the status inquiry transmitted from said Web server, and and
when said registration server receives the status inquiry from the Web server, said registration server confirms whether a corresponding server certificate is stored in the download area or not, and if the server certificate is stored, as a response to said status inquiry, the server certificate stored in the download area is downloaded to the Web server,
and wherein
the processes from the application for issuance of the server certificate to the downloading of the issued server certificate to the Web server are automatically executed in series.
9. The server certificate issuing system according to claim 1 , wherein an administrator of the Web server accesses the Web server managed by him/her via a terminal and a network, calls the entry screen to input the application information of the server certificate and inputs required application details into the entry screen.
10. The server certificate issuing system according to claim 1 , wherein said registration server further comprises means for obtaining an IP address corresponding to a domain name of said Web server by directly accessing a primary domain name server (DNS) which manages a database storing a relationship between the domain names and the IP addresses, and means for comparing the obtained IP address with an IP address of the verification page, wherein if both the IP addresses are not identical to each other, the server certificate request is processed to be an error.
11. A server certificate issuing system comprising a registration server provided in a registration authority to receive a server certificate request transmitted from a Web server via a network and to transmit a certificate signing request file (CSR) which is included in said server certificate request to an issuing authority after performing a predetermined examination, and a certificate issuing server provided in the issuing authority to receive the CSR transmitted from the registration server, to generate a server certificate with a digital signature, and to transmit the generated server certificate to said registration server, wherein
said Web server comprises
means for generating an entry screen to input application information,
means for generating a key pair of a public key and a private key,
means for generating the CSR containing the generated public key,
verification page generating means for generating a verification page to indicate intention of requesting an issuance of the server certificate and storing verification information in said verification page,
means for generating the server certificate request containing an application information including at least the generated CSR and the address information of said Web server, and
means for transmitting the generated server certificate request to the registration server provided in the registration authority, and
said registration server comprises
means for receiving the server certificate request transmitted from said Web server,
verification information reading means for accessing the verification page of the Web server based on the address information contained in the received server certificate request to read out the verification information indicated on the verification page,
verification means for comparing the read verification information with the information contained in the server certificate request, and
means for transmitting the CSR contained in the received server certificate request to the certificate issuing server,
means for receiving the server certificate transmitted from the certificate issuing server,
download means for downloading the server certificate to the Web server, and wherein
said registration server transmits the CSR contained in said server certificate request to the certificate issuing server only when said verification means has judged that the verification page has been generated, as the result of the verification; wherein
the CSR contained in server certificate request is used as said verification information,
the verification page generating means of said Web server displays the generated CSR on the verification page, and
said verification means of the registration server verifies whether the verification page has been generated or not by comparing the verification information read out from the verification page with the CSR contained in the server certificate request.
12. A server certificate issuing system comprising a registration server provided in a registration authority to receive a server certificate request transmitted from a Web server via a network and to transmit a certificate signing request file (CSR) which is included in said server certificate request to an issuing authority after performing a predetermined examination, and a certificate issuing server provided in the issuing authority to receive the CSR transmitted from the registration server, to generate a server certificate with a digital signature, and to transmit the generated server certificate to said registration server, wherein
said Web server comprises
means for generating an entry screen to input application information,
means for generating a key pair of a public key and a private key,
means for generating the CSR containing the generated public key,
verification page generating means for generating a verification page to indicate intention of requesting an issuance of the server certificate and storing verification information in said verification page,
means for generating the server certificate request containing an application information including at least the generated CSR and the address information of said Web server, and
means for transmitting the generated server certificate request to the registration server provided in the registration authority, and
said registration server comprises
means for receiving the server certificate request transmitted from said Web server,
verification information reading means for accessing the verification page of the Web server based on the address information contained in the received server certificate request to read out the verification information indicated on the verification page,
verification means for comparing the read verification information with the information contained in the server certificate request, and
means for transmitting the CSR contained in the received server certificate request to the certificate issuing server,
means for receiving the server certificate transmitted from the certificate issuing server,
download means for downloading the server certificate to the Web server, and wherein
said registration server transmits the CSR contained in said server certificate request to the certificate issuing server only when said verification means has judged that the verification page has been generated, as the result of the verification wherein
said verification page generating means of said Web server performs an encryption operation for a part of the information contained in the server certificate request using a predetermined encrypting arithmetic expression and displays the obtained encrypted data as the verification information on the verification page, and
said verification means of the registration server performs an encryption operation for a part of the information contained in the received server certificate request using said predetermined encrypting arithmetic expression to verify whether the verification page has been generated or not by comparing the generated encrypted data with the verification information read out from the verification page; wherein
the verification page generating means of the Web server performs an encryption operation using the public key of the generated key pair, and displays the generated encrypted data as the verification information on the verification page, and
said verification means of the registration server performs an encryption operation using the public key contained in the CSR, and compares the generated encrypted data with the verification information read out from the verification page.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.